Effective date: March 25, 2026 · Last updated: March 25, 2026

Privacy Policy

At InsurifyAI, we take your privacy seriously. This Privacy Policy explains what information we collect, how we use it, and the choices you have. We have written this in plain language so it is easy to understand. This policy applies to all users of our website, mobile applications, and related services (collectively, the "Service").

1. Information We Collect

We collect information you provide directly and information generated automatically when you use the Service.

Information you provide

  • Account details — name, email address, phone number, and mailing address when you create an account.
  • Claim information — accident details, insurance policy numbers, claim numbers, photos, medical records, repair estimates, police reports, and other documents you upload.
  • Voice recordings — audio recordings during call coaching sessions, which are transcribed for AI analysis (collected only with your explicit consent).
  • Payment information — processed securely by Stripe. We do not store your full credit card number.
  • Insurance credentials — if you choose to link your insurance account, login credentials are encrypted using AES-256-GCM and stored with limited access. They are never logged or visible to our team.
  • Communications — messages you send us through support channels or in-app chat.

Information collected automatically

  • Device information — browser type, operating system, screen resolution, device model, and unique device identifiers.
  • Usage data — pages visited, features used, timestamps, click patterns, and referral sources.
  • IP address — used for security, fraud prevention, and approximate geolocation (city/state level only).
  • Cookies and similar technologies — we use essential cookies for authentication and session management, and optional analytics cookies with your consent. See Section 10 below for details.

2. How We Use Your Information

  • Provide the Service — process your claims, generate AI letters, deliver call coaching, and produce settlement analyses.
  • AI processing — analyze your claim data with artificial intelligence to generate personalized guidance, documents, and recommendations.
  • Service delivery — process payments, send transactional emails, and deliver requested outputs.
  • Analytics and improvement — understand how users interact with the Service to improve features, fix bugs, and enhance the user experience using de-identified, aggregated data.
  • Communicate with you — send transactional emails (receipts, status updates) and, with your consent, product updates and tips.
  • Ensure security — detect and prevent fraud, abuse, and unauthorized access.
  • Meet legal obligations — comply with applicable laws, regulations, and legal processes.

3. AI Data Handling

InsurifyAI uses artificial intelligence to analyze your claim data and generate documents, coaching suggestions, and strategy recommendations. Here is what you should know:

  • Your claim data is processed by our AI systems solely to provide the Service to you.
  • We use the Anthropic Claude API for language processing. Data sent to Anthropic via the API is not used to train their models. This is governed by our data processing agreement with Anthropic.
  • AI outputs (demand letters, estimates, coaching tips) are generated on a per-claim basis and are not shared with other users.
  • We may use de-identified, aggregated patterns to improve our AI models. Individual claim data is never used in a way that could identify you.
  • You can request deletion of your data and all associated AI outputs at any time (see "Your Rights" below).

4. Voice Recording Disclosure

Our call coaching feature involves the recording and transcription of voice audio:

  • Processing provider: Voice recordings are processed by Deepgram for speech-to-text transcription. Deepgram processes audio under our data processing agreement and does not retain your recordings after processing.
  • Consent: You will be prompted to provide explicit consent before each recording session begins. You may decline recording and still use other features.
  • Two-party consent states: If you reside in a two-party consent state (e.g., California, Florida, Illinois, Maryland, Massachusetts, Montana, New Hampshire, Oregon, Pennsylvania, Washington), you must obtain consent from all parties on the call before using the recording feature during live conversations.
  • Storage: Transcribed text is stored with your claim data. Raw audio files are deleted within 30 days of transcription.
  • Deletion: You may request deletion of all voice recordings and transcripts through your account settings.

5. Insurance Credential Handling

If you choose to link your insurance account for automated data retrieval:

  • Credentials are encrypted using AES-256-GCM before storage.
  • Encryption keys are managed through AWS Key Management Service (KMS) with automatic rotation.
  • Access to stored credentials is restricted to the automated retrieval service only. Human team members cannot view or access your insurance login details.
  • You may revoke access and delete stored credentials at any time through Settings > Privacy.

6. Information Sharing

We do not sell your personal information. We have not sold personal information in the preceding 12 months and have no plans to do so.

We share data only in these limited circumstances:

  • Service providers — trusted vendors who help us operate the Service, including:
    • Stripe (payment processing)
    • AWS (cloud hosting and storage)
    • Anthropic (AI language processing)
    • Deepgram (speech recognition)
    • Clerk (authentication)
    • PostHog (analytics, with consent)
    • Sentry (error monitoring)
    All service providers are contractually obligated to protect your data and use it only for the purposes we specify.
  • Legal requirements — when required by law, subpoena, court order, or government request.
  • Safety — to protect the rights, safety, or property of InsurifyAI, our users, or the public.
  • Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change in ownership or use of your data.

7. Data Retention

We retain your data for as long as necessary to provide the Service and comply with our legal obligations:

  • Claim data — retained for 7 years from claim closure, consistent with insurance industry record-keeping requirements.
  • Voice recordings (raw audio) — deleted within 30 days of transcription.
  • Voice transcripts — retained with claim data for up to 7 years.
  • Financial records — retained for 10 years as required by tax and financial regulations.
  • Personal account data — retained for 3 years after account closure, then securely deleted.
  • Audit logs — retained for 10 years for compliance and security purposes.
  • After account deletion — minimal records required for legal compliance are retained for up to 90 days, then permanently deleted.

You may request earlier deletion of your data subject to applicable legal retention requirements (see "Your Rights" below).

8. Your Rights

We respect your data rights. Depending on your location, you may have the following rights:

California Consumer Privacy Act (CCPA / CPRA)

If you are a California resident, the CCPA and California Privacy Rights Act (CPRA) grant you specific rights regarding your personal information:

  • Right to Know — you can request details about the categories and specific pieces of personal information we have collected, the sources of that information, the purposes for collection, and the categories of third parties with whom we share it.
  • Right to Delete — you can request that we delete personal information we have collected from you, subject to certain legal exceptions (e.g., data needed for legal compliance or to complete a transaction).
  • Right to Correct — you can request that we correct inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing — we do not sell or share personal information for cross-context behavioral advertising. If our practices change, we will provide a clear "Do Not Sell or Share My Personal Information" mechanism.
  • Right to Limit Use of Sensitive Personal Information — you can request that we limit our use of sensitive personal information to what is necessary to provide the Service.
  • Right to Non-Discrimination — we will not discriminate against you for exercising any of your privacy rights.

Categories of personal information collected: Identifiers (name, email, IP address), commercial information (payment history), internet/network activity (usage data), geolocation data (approximate), audio information (voice recordings with consent), professional information (insurance claim details), and inferences drawn from the above.

GDPR Rights (European Economic Area)

If you are located in the European Economic Area, you may have additional rights under the General Data Protection Regulation:

  • Right of access — request a copy of your personal data.
  • Right to rectification — correct inaccurate data.
  • Right to erasure — request deletion of your data.
  • Right to restrict processing — limit how we use your data.
  • Right to data portability — receive your data in a structured, machine-readable format.
  • Right to object — object to processing based on legitimate interests.

Our legal basis for processing includes: performance of a contract (providing the Service), consent (voice recordings, analytics cookies), and legitimate interests (security, fraud prevention).

All users

Regardless of your location, you may:

  • Access and download a copy of your data.
  • Correct inaccurate information in your account.
  • Delete your account and associated data.
  • Withdraw consent for optional data processing (e.g., analytics cookies).

To exercise your rights, you may submit a request through your account settings or by emailing privacy@insurifyai.app. We will respond to verifiable requests within 45 calendar days.

9. Security Measures

We implement industry-standard security measures to protect your data:

  • Encryption at rest — all stored data is encrypted using AES-256-GCM.
  • Encryption in transit — all network communication uses TLS 1.3.
  • Key rotation — encryption keys are rotated every 90 days.
  • Access controls — role-based access controls limit employee access to user data.
  • Audit logging — all access to user data is logged and monitored.
  • Infrastructure — hosted on AWS with SOC 2 Type II certified infrastructure.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. If you believe your account has been compromised, contact us immediately.

10. Cookie Policy

We use the following types of cookies and similar technologies:

Essential Cookies (Always Active)

Required for the Service to function. Includes authentication tokens, session management, and security cookies. These cannot be disabled.

Analytics Cookies (Optional)

Help us understand how users interact with the Service. We use PostHog for privacy-focused analytics. These cookies are only set with your consent.

Marketing Cookies (Optional)

Used to deliver relevant content and measure ad effectiveness. Currently, we do not use marketing cookies, but we may in the future with your consent.

You can manage your cookie preferences at any time through the cookie consent banner or your browser settings.

11. Children's Privacy (COPPA)

InsurifyAI is not intended for use by individuals under the age of 18. In compliance with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. If we become aware that we have collected personal information from a child under 13, we will take immediate steps to delete that information. If you believe a child has provided us with personal information, please contact us at privacy@insurifyai.app.

12. State-Specific Disclosures

In addition to the CCPA rights described above, residents of certain states have additional privacy rights:

Virginia (VCDPA)

Virginia residents have the right to access, correct, delete, obtain a copy of, and opt out of the processing of personal data for targeted advertising or sale. To exercise these rights or appeal a decision regarding your request, email privacy@insurifyai.app.

Colorado (CPA)

Colorado residents have similar rights to access, correct, delete, and opt out. You may also opt out of profiling in furtherance of decisions that produce legal or similarly significant effects. Contact us at privacy@insurifyai.app to exercise your rights or appeal a decision.

Connecticut (CTDPA)

Connecticut residents have the right to access, correct, delete, obtain a copy of, and opt out of the processing of personal data for targeted advertising, sale, or profiling. Contact us at privacy@insurifyai.app to exercise your rights.

13. Changes to This Policy

We may update this Privacy Policy from time to time by posting the revised version on this page with a new "Last updated" date. If we make material changes, we will notify you by email or through an in-app notification at least 30 days before the changes take effect.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your data.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

See also our Terms of Service for the rules governing your use of InsurifyAI.